Active Directory Device Discovery
LDAP or Active Directory devices can be integrated with Single Connect. Some properties must be added from the System Config Manager for discovery configuration.
If device group names are not unique, the LDAP import will not run.
- Navigate to Administration > System Config Manager.
- Enter the configuration parameters described below:
The _n suffix at the end of the parameter names is an integer index that starts at 0 and increases by one for each additional LDAP source.
sc.device.integration.ldap.url: URL of the LDAP or AD server. An IP address or a DNS name can be used. This parameter has no "_n" suffix.
Multiple LDAP URLs can be added in this property, separated with a hash (#), for example ldap://10.20.30.40#ldap://10.20.30.41
sc.device.integration.ldap.baseDN_n: LDAP base DN values. All devices and device groups are discovered under this base DN. Multiple base DNs can be given, separated with "|".
sc.device.integration.ldap.eid_n: Username used to log in to the LDAP/AD server and run the discovery searches.
sc.device.integration.ldap.password_n: Password of the username defined in sc.device.integration.ldap.eid_n.
sc.device.integration.ldap.source.name_n: Discovery source name which will be set on the devices and device groups. Single Connect can store devices from multiple sources, and must know the source of the discovered devices so it only updates these during auto discovery.
sc.device.integration.ldap.root.device.group_n: Optional. Name of a root device group on Single Connect. It is used to collect all discovered devices and device groups under one specific root device group.
sc.device.integration.ldap.user.membership_n: true or false. This flag selects the LDAP device discovery strategy. If it is enabled, the memberOf attribute is used to determine the device groups of devices and the parent groups of device groups; Single Connect walks the device group hierarchy recursively until memberOf returns no values. If it is disabled, Single Connect uses the device's dn (distinguishedName) attribute to determine its device group and the device group hierarchy: every CN or OU in the device dn, except the base DN, becomes a device group. Ex: CN=Computer-1,CN=Computers,CN=IT Devices,OU=All Devices,<base DN>
sc.device.integration.ldap.device.group.search.phrase_n: LDAP search phrase for device groups. Used, and mandatory, only if user.membership is enabled.
sc.device.integration.ldap.device.group.dn.filter_n: LDAP does not support advanced searches on dn (distinguishedName), such as contains, starts with or ends with. If this parameter is set, Single Connect filters the device group search result by matching each device group dn against this parameter's value. The parameter is optional, accepts regular expressions and is used only if user.membership is enabled.
sc.device.integration.ldap.device.search.phrase_n: Mandatory. LDAP search phrase for Devices.
sc.device.integration.ldap.device.ip.attribute_n: Mandatory. LDAP attribute name for device IP.
sc.device.integration.ldap.device.hostname.attribute_n: Optional. LDAP attribute name for device hostname. Hostname is used on displays.
sc.device.integration.ldap.device.access.protocol.attribute_n: Optional. LDAP attribute that holds the device access protocol. Access protocol examples: RDP, SSH, VNC, SFTP.
sc.device.integration.ldap.device.default.access.protocol_n: Mandatory. If the access protocol attribute parameter is not set or the access protocol cannot be discovered from LDAP, this parameter's value is used.
sc.device.integration.ldap.device.element.type.id.attribute_n: Optional. Device element type LDAP attribute. Element type examples: Windows, Centos, Cisco XR.
sc.device.integration.ldap.device.default.element.type.id_n: Mandatory. If the element type attribute parameter is not set or the device element type cannot be discovered from LDAP, this parameter’s value is used.
sc.device.integration.ldap.device.port.attribute_n: Optional. Access protocol connection port LDAP attribute.
sc.device.integration.ldap.device.default.port_n: Optional. If the port attribute parameter is not set or the device connection port cannot be discovered from LDAP, this parameter's value is used. If this parameter is not set either, the default port of the access protocol is used, such as 22 for SSH or 3389 for RDP.
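The two device-group strategies selected by user.membership, and the client-side dn filter, as an added Python example. This is not Single Connect's own code: the base DN format follows the table on this page, but the device and group DNs, the SAMPLE_DIRECTORY stand-in for an LDAP search and the device_group_path, membership_chain and filter_group_dns names are constructed for this illustration.

```python
import re
from typing import Dict, List, Tuple

# Base DN format follows the table on this page; every other DN below is
# constructed for this example.
BASE_DN = "DC=SingleConnect,DC=test"

# Stand-in for LDAP search results: each DN mapped to its memberOf values.
SAMPLE_DIRECTORY: Dict[str, List[str]] = {
    "CN=Computer-1,CN=Computers,DC=SingleConnect,DC=test": [
        "CN=IT Devices,OU=Groups,DC=SingleConnect,DC=test"],
    "CN=IT Devices,OU=Groups,DC=SingleConnect,DC=test": [
        "CN=All Devices,OU=Groups,DC=SingleConnect,DC=test"],
    "CN=All Devices,OU=Groups,DC=SingleConnect,DC=test": [],
    # Two groups that are members of each other: AD permits such cycles.
    "CN=Loop-A,OU=Groups,DC=SingleConnect,DC=test": [
        "CN=Loop-B,OU=Groups,DC=SingleConnect,DC=test"],
    "CN=Loop-B,OU=Groups,DC=SingleConnect,DC=test": [
        "CN=Loop-A,OU=Groups,DC=SingleConnect,DC=test"],
}


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, leaf first.
    Splits only on unescaped commas, so a value such as 'Srv\\, Lab' stays intact."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def _same_rdn(a: Tuple[str, str], b: Tuple[str, str]) -> bool:
    # DN comparison is case-insensitive for both attribute names and values.
    return a[0] == b[0] and a[1].lower() == b[1].lower()


def device_group_path(device_dn: str, base_dn: str = BASE_DN) -> List[str]:
    """user.membership = false: derive the device group chain from the device DN.
    Every CN/OU between the device's own RDN and the base DN becomes a group; the
    result is ordered from the outermost group to the one that holds the device."""
    rdns = parse_dn(device_dn)
    base = parse_dn(base_dn)
    if len(rdns) <= len(base) or not all(
        _same_rdn(x, y) for x, y in zip(rdns[-len(base):], base)
    ):
        raise ValueError(f"{device_dn!r} is not under base DN {base_dn!r}")
    containers = rdns[1:len(rdns) - len(base)]  # drop the device RDN and the base DN
    return [value for attr, value in reversed(containers) if attr in ("CN", "OU")]


def membership_chain(start_dn: str, directory: Dict[str, List[str]]) -> List[str]:
    """user.membership = true: follow memberOf recursively until it returns nothing.
    A visited set guards against group cycles so the walk always terminates."""
    chain: List[str] = []
    visited = {start_dn.lower()}
    frontier = [start_dn]
    while frontier:
        dn = frontier.pop(0)
        for parent in directory.get(dn, []):
            if parent.lower() not in visited:
                visited.add(parent.lower())
                chain.append(parent)
                frontier.append(parent)
    return chain


def filter_group_dns(group_dns: List[str], dn_filter: str) -> List[str]:
    """Client-side equivalent of device.group.dn.filter: LDAP cannot do substring
    matching on distinguishedName, so the search result is filtered with a regex."""
    pattern = re.compile(dn_filter, re.IGNORECASE)
    return [dn for dn in group_dns if pattern.search(dn)]


if __name__ == "__main__":
    print(device_group_path(
        "CN=Computer-1,CN=Computers,CN=IT Devices,OU=All Devices,DC=SingleConnect,DC=test"))
    print(membership_chain("CN=Computer-1,CN=Computers,DC=SingleConnect,DC=test", SAMPLE_DIRECTORY))
    print(filter_group_dns(list(SAMPLE_DIRECTORY), r"^CN=[^,]+,OU=Groups,"))
```

The memberOf walk keeps a visited set because nested AD groups can form cycles; a discovery job that follows memberOf without such a guard never reaches the "memberOf returns empty" stop condition the page describes.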
Parameter Name | Value
---|---
sc.device.integration.ldap.baseDN_0 | Mandatory. DC=******,DC=***** Ex: DC=SingleConnect,DC=test
sc.device.integration.ldap.device.access.protocol.attribute_0 | Optional.
sc.device.integration.ldap.device.default.access.protocol_0 | Mandatory. Ex: RDP
sc.device.integration.ldap.device.default.element.type.id_0 | Mandatory. Ex: windows_7
sc.device.integration.ldap.device.default.port_0 | Optional.
sc.device.integration.ldap.device.element.type.id.attribute_0 | Optional.
sc.device.integration.ldap.device.group.search.phrase_0 | Mandatory when user.membership_0 is true. Ex: (cn=Cert Publishers)
sc.device.integration.ldap.device.hostname.attribute_0 | Optional.
sc.device.integration.ldap.device.ip.attribute_0 | Mandatory. Ex: dNSHostName
sc.device.integration.ldap.device.port.attribute_0 | Optional.
sc.device.integration.ldap.device.search.phrase_0 | Mandatory. Ex: (objectClass=computer)
sc.device.integration.ldap.eid_0 | Mandatory.
sc.device.integration.ldap.password_0 | Mandatory.
sc.device.integration.ldap.root.device.group_0 | Mandatory.
sc.device.integration.ldap.source.name_0 | Mandatory.
sc.device.integration.ldap.url | Mandatory. No _n suffix. Ex: ldap://10.20.30.40:389
sc.device.integration.ldap.user.membership_0 | Mandatory. true/false
- After defining the above parameters, apply the steps outlined in the Adding Devices Automatically or Manually Trigger LDAP Sync Job sections.
Multiple LDAP device integrations can be configured by duplicating the above parameters with sequential index numbers starting from "0" (zero), one index per LDAP source, like sc.device.integration.ldap.baseDN_0, sc.device.integration.ldap.baseDN_1, sc.device.integration.ldap.baseDN_2
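A two-source property set and a checker for the rules stated on this page (the hash-separated URL list, pipe-separated base DNs, sequential _n indices from 0, and device.group.search.phrase being mandatory only when user.membership is true), as an added Python example. It is not part of Single Connect; the parameter names are the page's, but the host addresses, DNs, account names and filters in SAMPLE_PROPERTIES are constructed, and the ldaps:// scheme check is an assumption the page does not make.

```python
import re
from typing import Dict, List

PREFIX = "sc.device.integration.ldap."

# Constructed properties text for two LDAP sources (values are made up).
# Source 1 turns on memberOf discovery but omits device.group.search.phrase_1.
SAMPLE_PROPERTIES = """
sc.device.integration.ldap.url=ldap://10.20.30.40#ldap://10.20.30.41
sc.device.integration.ldap.baseDN_0=DC=SingleConnect,DC=test
sc.device.integration.ldap.eid_0=svc-discovery
sc.device.integration.ldap.password_0=change-me
sc.device.integration.ldap.source.name_0=corp-ad
sc.device.integration.ldap.user.membership_0=false
sc.device.integration.ldap.device.search.phrase_0=(objectClass=computer)
sc.device.integration.ldap.device.ip.attribute_0=dNSHostName
sc.device.integration.ldap.device.default.access.protocol_0=RDP
sc.device.integration.ldap.device.default.element.type.id_0=windows_7
sc.device.integration.ldap.baseDN_1=OU=Lab,DC=SingleConnect,DC=test|OU=DMZ,DC=SingleConnect,DC=test
sc.device.integration.ldap.eid_1=svc-discovery-lab
sc.device.integration.ldap.password_1=change-me-too
sc.device.integration.ldap.source.name_1=lab-ad
sc.device.integration.ldap.user.membership_1=true
sc.device.integration.ldap.device.search.phrase_1=(objectClass=computer)
sc.device.integration.ldap.device.ip.attribute_1=dNSHostName
sc.device.integration.ldap.device.default.access.protocol_1=SSH
sc.device.integration.ldap.device.default.element.type.id_1=centos
"""

# Parameters every source needs per the descriptions above; root.device.group and
# the hostname/port/protocol/element-type attribute parameters are optional.
ALWAYS_REQUIRED = [
    "baseDN", "eid", "password", "source.name", "user.membership",
    "device.search.phrase", "device.ip.attribute",
    "device.default.access.protocol", "device.default.element.type.id",
]
INDEXED_KEY = re.compile(r"^(?P<name>.+)_(?P<n>\d+)$")


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal key=value parser. '#' starts a comment only at the start of a line,
    so the '#'-separated URL list is kept intact; values may contain '='."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def ldap_urls(props: Dict[str, str]) -> List[str]:
    """The un-indexed url property, split on the '#' separator."""
    return [u for u in props.get(PREFIX + "url", "").split("#") if u]


def ldap_sources(props: Dict[str, str]) -> Dict[int, Dict[str, str]]:
    """Group the *_n parameters by index n, with prefix and suffix stripped."""
    sources: Dict[int, Dict[str, str]] = {}
    for key, value in props.items():
        if key.startswith(PREFIX):
            m = INDEXED_KEY.match(key[len(PREFIX):])
            if m:
                sources.setdefault(int(m.group("n")), {})[m.group("name")] = value
    return sources


def base_dns(source: Dict[str, str]) -> List[str]:
    """A source's baseDN value, split on the '|' separator."""
    return [b.strip() for b in source.get("baseDN", "").split("|") if b.strip()]


def validate(props: Dict[str, str]) -> List[str]:
    """Return the configuration problems found; an empty list means the set is usable."""
    errors: List[str] = []
    urls = ldap_urls(props)
    if not urls:
        errors.append(f"{PREFIX}url is mandatory")
    for u in urls:  # ldaps:// is accepted here as an assumption, not from the page
        if not u.startswith(("ldap://", "ldaps://")):
            errors.append(f"unexpected LDAP URL {u!r}")
    sources = ldap_sources(props)
    indices = sorted(sources)
    if indices != list(range(len(indices))):
        errors.append(f"_n indices must be sequential from 0, found {indices}")
    for n in indices:
        src = sources[n]
        for name in ALWAYS_REQUIRED:
            if not src.get(name):
                errors.append(f"{PREFIX}{name}_{n} is mandatory")
        membership = src.get("user.membership", "").lower()
        if membership and membership not in ("true", "false"):
            errors.append(f"{PREFIX}user.membership_{n} must be true or false")
        # Group search phrase is mandatory only with memberOf-based discovery.
        if membership == "true" and not src.get("device.group.search.phrase"):
            errors.append(f"{PREFIX}device.group.search.phrase_{n} is mandatory "
                          f"when user.membership_{n} is true")
    return errors


if __name__ == "__main__":
    for problem in validate(parse_properties(SAMPLE_PROPERTIES)):
        print(problem)
```

Run the check before triggering the LDAP sync job: a gap in the _n sequence or a missing conditional parameter silently drops a whole source from discovery, which is harder to notice than a failed login.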